Interface configuration:
SW2:
[sw2]vlan 10
[sw2]vlan 20
[sw2]interface GigabitEthernet 0/0/1
[sw2-GigabitEthernet0/0/1]port link-type trunk
[SW2-GigabitEthernet0/0/1]port trunk allow-pass vlan 10 20
[sw2]interface GigabitEthernet 0/0/2
[sw2-GigabitEthernet0/0/2]port link-type access
[sw2-GigabitEthernet0/0/2]port default vlan 10
[sw2-GigabitEthernet0/0/2]interface GigabitEthernet 0/0/3
[sw2-GigabitEthernet0/0/3]port link-type access
[sw2-GigabitEthernet0/0/3]port default vlan 20
FW:
[FW]interface GigabitEthernet 1/0/0
[FW-GigabitEthernet1/0/0]ip address 10.0.0.254 24
[FW]interface GigabitEthernet 1/0/2
[FW-GigabitEthernet1/0/2]ip address 100.1.1.10 24
[FW]interface GigabitEthernet 1/0/1.1
[FW-GigabitEthernet1/0/1.1]ip address 172.16.1.254 24
[FW-GigabitEthernet1/0/1.1]vlan-type dot1q 10
g1/0/1.2: web page:
Server
Client1, Client3, PC2: DHCP
DHCP:
[FW]dhcp enable
[FW]interface GigabitEthernet 1/0/1.1
[FW-GigabitEthernet1/0/1.1]dhcp select interface
[FW-GigabitEthernet1/0/1.1]interface GigabitEthernet 1/0/1.2
[FW-GigabitEthernet1/0/1.2]dhcp select interface
Web page:
Client1: IP
Complete the DHCP information
Firewall security zone division
Web page: Trust_A
Trust_B:
[FW]firewall zone name Trust_B
[FW-zone-Trust_B]set priority 80
[FW-zone-Trust_B]add interface GigabitEthernet 1/0/1.2
[FW]firewall zone dmz
[FW-zone-dmz]add interface GigabitEthernet 1/0/0
[FW]firewall zone untrust
[FW-zone-untrust]add interface GigabitEthernet 1/0/2
Firewall address group information
Administrator
Enable Telnet on the corresponding interface:
Web:
Telnet configuration:
[FW]telnet server enable
[FW]user-interface vty 0 4
[FW-ui-vty0-4]protocol inbound telnet
[SW2]interface Vlanif 10
[SW2-Vlanif10]ip address 172.16.1.10 24
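An added example, not part of the original notes: a Python check that reads the firewall commands above and reports which addressed interfaces have a zone assignment in the CLI, along with the Telnet management settings. The function name `audit` and the embedded transcript are constructed for illustration; the notes set up Trust_A in the web page, so that zone's membership is not visible in the CLI lines and has to be confirmed there.

```python
import re

# Constructed sample: the firewall (FW) commands from these notes, as typed.
TRANSCRIPT = """\
[FW]interface GigabitEthernet 1/0/0
[FW-GigabitEthernet1/0/0]ip address 10.0.0.254 24
[FW]interface GigabitEthernet 1/0/2
[FW-GigabitEthernet1/0/2]ip address 100.1.1.10 24
[FW]interface GigabitEthernet 1/0/1.1
[FW-GigabitEthernet1/0/1.1]ip address 172.16.1.254 24
[FW-GigabitEthernet1/0/1.1]vlan-type dot1q 10
[FW]firewall zone name Trust_B
[FW-zone-Trust_B]set priority 80
[FW-zone-Trust_B]add interface GigabitEthernet 1/0/1.2
[FW]firewall zone dmz
[FW-zone-dmz]add interface GigabitEthernet 1/0/0
[FW]firewall zone untrust
[FW-zone-untrust]add interface GigabitEthernet 1/0/2
[FW]telnet server enable
[FW]user-interface vty 0 4
[FW-ui-vty0-4]protocol inbound telnet
"""

# "[device-view]command": the prompt itself tells us which view a command ran in.
LINE = re.compile(r"^\[(?P<dev>[^\]-]+)(?:-(?P<view>[^\]]+))?\](?P<cmd>.+)$")

def audit(transcript, device="FW"):
    """Return (addressed interfaces, interface->zone map, findings) for one device."""
    addressed, zone_of, findings = {}, {}, []
    for raw in transcript.splitlines():
        m = LINE.match(raw.strip())
        if not m or m["dev"].upper() != device.upper():
            continue  # not a prompt line, or a different device (e.g. SW2)
        view, cmd = m["view"] or "", " ".join(m["cmd"].split())
        if cmd.startswith("ip address ") and view:
            addressed[view] = cmd.split()[2]
        elif cmd.startswith("add interface ") and view.startswith("zone-"):
            zone_of[cmd[len("add interface "):].replace(" ", "")] = view[5:]
        elif cmd == "telnet server enable":
            findings.append("telnet server enabled (cleartext management)")
        elif cmd == "protocol inbound telnet" and view.startswith("ui-vty"):
            findings.append(f"{view}: inbound protocol is telnet")
    for ifname in addressed:
        if ifname not in zone_of:
            findings.append(f"{ifname}: has an IP address but no zone in the CLI")
    return addressed, zone_of, findings
```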
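Create the administrator:
Authentication domain openlab
Executive users
Authentication policy:
Authentication policy page:
Change password
Security policy configuration
Web security policy page, security policy hit counts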